Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1B0Ma9f13a46PVYEf5WukjE4Rl4.roa
File:                     1B0Ma9f13a46PVYEf5WukjE4Rl4.roa (raw, json)
Hash identifier:          wETPK99E4RUW7DAkjQ6oJIldRw+bn3hp9O6CSoHLBTc=
Subject key identifier:   D4:1D:0C:6B:D7:F5:DD:AE:3A:3D:56:04:7F:95:AE:92:31:38:46:5E
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0197F15329E7E7E6CAFD268ACD31050C7BA7
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1B0Ma9f13a46PVYEf5WukjE4Rl4.roa
Signing time:             Wed 09 Jul 2025 22:34:08 +0000
ROA not before:           Wed 09 Jul 2025 22:34:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7015
IP address blocks:        5.182.192.0/24 maxlen: 24
                          31.132.52.0/24 maxlen: 24
                          31.132.53.0/24 maxlen: 24
                          36.255.213.0/24 maxlen: 24
                          45.248.52.0/24 maxlen: 24
                          92.249.31.0/24 maxlen: 24
                          103.130.178.0/24 maxlen: 24
                          103.210.12.0/24 maxlen: 24
                          147.78.205.0/24 maxlen: 24
                          147.78.206.0/24 maxlen: 24
                          162.218.90.0/24 maxlen: 24
                          185.187.212.0/24 maxlen: 24
                          185.205.205.0/24 maxlen: 24
                          212.60.15.0/24 maxlen: 24
                          217.197.169.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 10 Jul 2025 05:37:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f1:53:29:e7:e7:e6:ca:fd:26:8a:cd:31:05:0c:7b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jul  9 22:34:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d41d0c6bd7f5ddae3a3d56047f95ae923138465e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4d:9c:22:ba:b5:98:60:44:d6:98:fc:6e:77:
                    8b:4f:64:b9:b7:dc:f2:3e:c7:bd:b3:9a:e6:45:a9:
                    2b:be:4e:27:a2:3e:04:97:a1:1f:79:da:7a:c6:dc:
                    67:32:65:8b:59:48:6d:fb:db:75:df:be:2d:2a:1e:
                    ef:21:31:c1:22:e0:4a:b1:0f:56:da:42:51:75:4d:
                    de:8d:f6:ed:ea:86:42:ac:e0:45:16:0f:05:ec:bc:
                    68:b2:22:60:4a:73:d5:49:fe:03:cc:53:2d:e0:5f:
                    7e:97:df:fa:ac:35:94:03:c0:6b:b4:8b:b1:69:37:
                    15:9a:1b:90:93:2f:0f:c4:fd:2d:9b:20:0a:61:dc:
                    6f:2b:ad:f4:8f:5c:f7:52:3b:aa:be:4b:50:4f:07:
                    3c:d0:e3:53:7b:0b:f0:a5:1c:3f:ce:98:f3:06:42:
                    98:26:9b:ec:3f:f1:49:d1:af:24:e6:91:0b:04:bd:
                    57:51:02:e4:45:24:8f:08:df:3a:60:2d:ab:06:56:
                    ff:9f:57:65:39:53:16:9f:ee:58:27:c6:30:56:d3:
                    1b:46:35:8f:7f:07:ee:88:8b:c8:78:5b:62:92:8b:
                    e5:4e:73:a0:48:0a:dd:b7:49:8a:36:4d:4e:fd:30:
                    92:88:f9:c2:19:57:85:f9:64:3a:9d:b3:71:1a:05:
                    9b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1D:0C:6B:D7:F5:DD:AE:3A:3D:56:04:7F:95:AE:92:31:38:46:5E
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1B0Ma9f13a46PVYEf5WukjE4Rl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.192.0/24
                  31.132.52.0/23
                  36.255.213.0/24
                  45.248.52.0/24
                  92.249.31.0/24
                  103.130.178.0/24
                  103.210.12.0/24
                  147.78.205.0-147.78.206.255
                  162.218.90.0/24
                  185.187.212.0/24
                  185.205.205.0/24
                  212.60.15.0/24
                  217.197.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:12:f5:01:58:d1:11:d8:6f:f9:4b:9f:08:4f:c4:cb:75:6e:
         d3:bb:50:0d:b6:4d:44:fe:b4:6b:63:94:dd:8e:ed:85:77:eb:
         ac:98:69:96:b9:b6:46:52:b8:63:05:49:f3:ff:88:51:dc:b2:
         34:a7:f7:af:ad:b3:cb:92:17:d8:ba:0e:b0:fa:ba:11:cf:71:
         52:32:08:cf:b4:e5:19:8f:a2:0f:28:9a:01:7f:21:26:d8:7a:
         12:e2:81:0a:5a:8d:44:cc:22:40:ac:0a:c7:c0:45:47:14:29:
         0c:b7:bc:a6:04:ef:8d:76:8d:5e:54:9f:9f:b1:75:12:7b:45:
         5e:19:2c:1d:0c:f2:57:44:f4:eb:39:4e:c1:b7:75:c4:8a:b6:
         0b:4f:4c:12:30:f4:18:ee:cf:bc:27:c3:6c:da:f0:d5:f1:66:
         fe:49:0d:43:9d:4c:8d:8a:09:5a:79:d6:7f:08:cc:e8:c8:95:
         ae:ae:d6:e0:d0:0b:c9:17:1d:c7:98:1e:12:ec:9f:a8:70:10:
         8d:b6:18:ce:7d:14:16:b2:8f:40:64:10:31:d3:37:6f:50:00:
         ed:4f:76:ce:09:73:25:2c:1b:64:17:6c:4b:ee:31:4b:b1:00:
         62:e9:45:14:ef:6b:44:82:3c:89:86:74:f0:d5:35:63:62:4a:
         ce:c2:f0:39
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZfxUynn5+bK/SaKzTEFDHunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwNzA5MjIzNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDFkMGM2YmQ3ZjVkZGFlM2EzZDU2MDQ3Zjk1YWU5MjMxMzg0NjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyU2cIrq1mGBE1pj8bneLT2S5t9zy
Pse9s5rmRakrvk4noj4El6Efedp6xtxnMmWLWUht+9t1374tKh7vITHBIuBKsQ9W
2kJRdU3ejfbt6oZCrOBFFg8F7LxosiJgSnPVSf4DzFMt4F9+l9/6rDWUA8BrtIux
aTcVmhuQky8PxP0tmyAKYdxvK630j1z3UjuqvktQTwc80ONTewvwpRw/zpjzBkKY
JpvsP/FJ0a8k5pELBL1XUQLkRSSPCN86YC2rBlb/n1dlOVMWn+5YJ8YwVtMbRjWP
fwfuiIvIeFtikovlTnOgSArdt0mKNk1O/TCSiPnCGVeF+WQ6nbNxGgWbYwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFNQdDGvX9d2uOj1WBH+VrpIxOEZeMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvMUIwTWE5ZjEzYTQ2UFZZRWY1V3VrakU0Umw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQABbbAAwQB
H4Q0AwQAJP/VAwQALfg0AwQAXPkfAwQAZ4KyAwQAZ9IMMAwDBACTTs0DBACTTs4D
BACi2loDBAC5u9QDBAC5zc0DBADUPA8DBADZxakwDQYJKoZIhvcNAQELBQADggEB
AEAS9QFY0RHYb/lLnwhPxMt1btO7UA22TUT+tGtjlN2O7YV366yYaZa5tkZSuGMF
SfP/iFHcsjSn96+ts8uSF9i6DrD6uhHPcVIyCM+05RmPog8omgF/ISbYehLigQpa
jUTMIkCsCsfARUcUKQy3vKYE7412jV5Un5+xdRJ7RV4ZLB0M8ldE9Os5TsG3dcSK
tgtPTBIw9Bjuz7wnw2za8NXxZv5JDUOdTI2KCVp51n8IzOjIla6u1uDQC8kXHceY
HhLsn6hwEI22GM59FBayj0BkEDHTN29QAO1Pds4JcyUsG2QXbEvuMUuxAGLpRRTv
a0SCPImGdPDVNWNiSs7C8Dk=
-----END CERTIFICATE-----